86f46c28627a2061a945bee345be31628c606bf663fa1d0114db7a01326813b3 | Triage

Sharing

General

Target

86f46c28627a2061a945bee345be31628c606bf663fa1d0114db7a01326813b3
Size

722KB
Sample

230607-pxqccaae94
MD5

ac83d4756206acdd5017e9d35fed858a
SHA1

e3d1bf051965ec62dfcf837a87a96e155b9761cd
SHA256

86f46c28627a2061a945bee345be31628c606bf663fa1d0114db7a01326813b3
SHA512

7e4ed24ac9c2bba777b34e4b2c3cdaad0a356be46db2f5387b959764b7e5755a14e6a6f388ce06dd194ca81125a2f8914f91fb2a5c9d6498e552dded8c2660fb
SSDEEP

12288:rMrxy90631Yn68Yg8yJ9ZTKzEEdyorB3U2KAA+KYA3qMtWOWffhF5utQBQdKuO:SyN31Y65g8CzKz5F3U2KAA+7Azgf35u8

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  86f46c28627a2061a945bee345be31628c606bf663fa1d0114db7a01326813b3
- Size
  
  722KB
- MD5
  
  ac83d4756206acdd5017e9d35fed858a
- SHA1
  
  e3d1bf051965ec62dfcf837a87a96e155b9761cd
- SHA256
  
  86f46c28627a2061a945bee345be31628c606bf663fa1d0114db7a01326813b3
- SHA512
  
  7e4ed24ac9c2bba777b34e4b2c3cdaad0a356be46db2f5387b959764b7e5755a14e6a6f388ce06dd194ca81125a2f8914f91fb2a5c9d6498e552dded8c2660fb
- SSDEEP
  
  12288:rMrxy90631Yn68Yg8yJ9ZTKzEEdyorB3U2KAA+KYA3qMtWOWffhF5utQBQdKuO:SyN31Y65g8CzKz5F3U2KAA+7Azgf35u8
Score

10^/10

evasion persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan